IETF Logo Mail Archive

[Idr] Route Leaks and solutions

"Susan Hares" <shares@ndzh.com> Mon, 29 June 2015 15:54 UTC

Return-Path: <shares@ndzh.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1A251ACE73 for <idr@ietfa.amsl.com>; Mon, 29 Jun 2015 08:54:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -96.354
X-Spam-Level:
X-Spam-Status: No, score=-96.354 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DOS_OUTLOOK_TO_MX=2.845, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GdKeTSKIZ23P for <idr@ietfa.amsl.com>; Mon, 29 Jun 2015 08:54:47 -0700 (PDT)
Received: from hickoryhill-consulting.com (hhc-web3.hickoryhill-consulting.com [64.9.205.143]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B30A1ACE6C for <idr@ietf.org>; Mon, 29 Jun 2015 08:54:47 -0700 (PDT)
X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=174.124.185.134;
From: Susan Hares <shares@ndzh.com>
To: 'idr wg' <idr@ietf.org>
Date: Mon, 29 Jun 2015 11:54:42 -0400
Message-ID: <005901d0b283$ea07bd20$be173760$@ndzh.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_005A_01D0B262.62F7A3C0"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AdCygvgZdEuODf/jSQ2DVCW8x4wMng==
Content-Language: en-us
X-Authenticated-User: skh@ndzh.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/LGyf90w4p6bXeMzbXl-E4dTRmZQ>
Cc: "'Montgomery, Douglas'" <dougm@nist.gov>, "'Sriram, Kotikalapudi'" <kotikalapudi.sriram@nist.gov>
Subject: [Idr] Route Leaks and solutions
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Jun 2015 15:54:49 -0000

Sriram and Doug: 

 

During the interim the following questions asked about the solution in
draft-sriram-idr-route-leak-detection-mitigation-00

 

1.       Does the IDR WG think Route leaks should be deployed in two modes:
With BGPSEC and without BGPSEC?  

Without BGPSEC, Sriram suggested that  it could accidental route leaks, but
not malicious route leaks.

Is this useful to operators? 

 

Without BGPSEC, this could be deployed as an optional transitive path
attribute or an extended community.  

With BGPSEC, this information could be part of the signed path attributes. 

 

2.       If we think it is useful without BGPSEC, should it be deployed in
both forms (BGPSEC and non-BGPSEC)

3.       Would deploying ROA and route filtering, find this another useful
addition?

 

Could you comment on these questions and discuss the value of route leaks on
the list? 

 

Sue Hares

v2.23.0 | Report a Bug | By Email